Policies Index

Maintenance and Confidentiality of Records

View as PDF

1. Overview

1.1. Purpose

The delivery of high-quality education and care that is tailored to the individual relies on the provision of accurate personal information. Junior Adventures Group (JAG) recognises the right of families, children and staff to ensure that their personal information is accurate, secure and only used for the purposes for which it was collected.

1.2. Scope

JAG People are required to comply with the provisions set out in this policy, their contract of employment and all other relevant policies, procedures and legislation. It is the responsibility of the organisation leaders to keep up to date with compliance and practices that keep people’s data safe and only accessible to those who need it to deliver appropriate care and education.

1.3. Legislative Requirements

Under the Education and Care Services National Regulations, JAG is required to have policies and procedures in place to ensure the health, safety and wellbeing of the children in care.

2. Policy Statement

JAG is committed to the privacy and confidentiality of children, families and JAG People. We recognise that to deliver a good quality service, certain information needs to be collected from families that is accessible to staff to deliver the best education and care outcomes. We will protect individual privacy and are bound by Australian privacy laws.

3. Principles

3.1. Duty of Care

We have a duty of care to ensure the safety and wellbeing of children at the Service. This includes a quality management system that supports the identification and management of risk, good education and learning outcomes, response to individual needs of children we support and safekeeping of private information to assist in delivering the Service. We are bound by the Privacy Act 1988 and other legislation.

In some rare instances, we may be required by law to provide information about individuals. Where a request is made, this should always be authorised by a senior manager.

3.2. Our Confidentiality and Privacy Commitment

The current Confidentiality and Privacy Policy can be viewed on the website for each approved provider.

Families and JAG People are advised of why we collect information and their rights regarding the data we collect, store and access to deliver care and education at the Service.

3.3. Quality Management Systems

We are approved by the relevant regulatory authority and operate according to the National Quality Framework and other legislation. Our quality management system guides and directs our work, including identifying gaps in our processes and incidents where privacy may have been breached.

JAG is dedicated to ensuring that all JAG People understand our obligations in relation to accessing individuals’ private and confidential information. All JAG People are aware that they must escalate any privacy breaches to their Line Manager team of any privacy breaches. When a staff member is unsure whether an activity was a privacy breach, they must discuss the situation with their Line Manager. JAG People should complete an incident report to commence a review of the activity where a breach or possible breach has occurred.

3.4. Policies and Procedures

Our policies and procedures are developed, reviewed and implemented in consultation with relevant internal and external stakeholders. We regularly review and audit them to identify areas to strengthen our systems and processes. This includes internal audits conducted periodically by Management in collaboration with the Service Leader. This audit will confirm that appropriate records are maintained and identify gaps in processes or systems that need to be addressed.

3.5. Data Breaches or Loss of Personal Information

There are significant consequences to personal data becoming available to people who should not have access to it. In some cases, it can lead to serious harm to an individual/s. The organisation has a data breach response plan in place.

The first step is for staff to notify the Service Leader or director of the breach. They are trained to assess the situation and enact the appropriate response. This includes local actions, notification to individuals whose personal data has been compromised and notifying the Office of the Australian Information Commissioner.

3.6. Responsibilities and Accountability

All JAG People are responsible for maintaining information privacy.

3.7. Staff Capability

In the event of a data breach, staff members will notify the Line Manager, complete an incident report and be provided guidance on further actions to be completed.

In the spirit of continuous improvement and strengthening our service, we will provide opportunities for team members at each service to critically evaluate our data management and day-to-day application of privacy and confidentiality processes. Feedback about improving our systems is encouraged.

3.8. Leading Effective Practices

Staff will not disclose information on matters relating to other staff or Management except for operational purposes of the Service for the welfare of the children or when required to do so in a court of law.

Team meetings will provide a platform for discussion about privacy laws and the rights of children, families and staff to have their information secured and used only for the purposes of providing the service.

3.9. Record Keeping

Records are stored in a confidential and secure manner, and data security measures will be implemented (e.g., passwords, secure premises storage and appropriate data access restrictions).

All personal information is retained following relevant procedures. Rigorous care is taken to appropriately protect personal information from unauthorised access, modification and disclosure, misuse, interference and loss. All electronic records are stored using appropriate organisation-approved information technology systems.

Staff will not disclose information on any matter relating to children other than to the parents/guardians of that child except in the following circumstances, in consultation with Management:

• when required to do so in a court of law

• when the welfare of the child is in question and government or professional agencies have been authorised to access records

• when required by organisational policy (e.g., medical or emergency management).

Senior Management is responsible for ensuring that all staff understand and abide by our policies and procedures concerning information privacy and confidentiality.

3.10. The Board

The Board will be advised of privacy breach activity across the organisation which will include trend analysis, information on serious privacy breaches and updated on the actions taken to resolve the issue. The Board may provide further support and guidance to reduce risk and improve the Service.

3.11. Child Safety

We safeguard children through our procedures and practices, with particular attention to the maintenance and confidentiality of their records. Policies and practices reflect the relevant legislation, including the National Principles for Child Safe Organisations.

JAG provides polices and procedures to equip JAG people with the knowledge, skills, and awareness to keep children safe. Service Practice are continuously reviewed and improved to ensure current legislation is in effect throughout the business.

4. Key Terms

Confidentiality:

  • The keeping of another person’s information or private data

JAG People:

  • Any adult that governs, manages, conducts work for or provides activities to JAG in a paid or unpaid activity spanning all levels of the organisational structure

Line Manager:

  • The persons in the direct supervisory role overseeing the work of the particular JAG person. The JAG persons escalate matters toward the person in this role, in the event of incidents and breaches.

Privacy:

  • The right to be left alone; in the case of information privacy, it is the right to have control over how your personal information is collected and used

Service Leader:

  • Anyone who oversees the Service in one of the following roles:

    1. The Approved Provider; if the approved provider is an individual, in other cases, a person with management or control of the Service

    2. The Nominated Supervisor of the Service

    3. A Responsible Person who has been placed in day-to-day charge of the Service in the absence of the Nominated Supervisor.

The Privacy Act 1988 (Privacy Act):

  • The principal piece of Australian legislation protecting the handling of personal information about individuals; this includes the collection, use, storage and disclosure of personal information in the federal public sector and in the private sector

Team Members:

  • JAG People that work directly with Children

5. References

Education and Care Services National Law and Regulations

National Quality Standards for Early Childhood Education and Care and School Care

Children Education and Care Services National Law Act 2010

Educational and Care Services National Regulations

National Quality Framework Resource Kits

ACECQA – National Quality Framework

The Privacy Act 1988 (Privacy Act)

The Australian Privacy Principles guidelines

The Australian Privacy Principles Other Relevant Legislation

Regulation 111 – Administrative space

Regulation 158 – Children’s attendance record to be kept by approved provider

Regulation 168 – Education and care service must have policies and procedures

Regulation 170 – Policies and procedures to be followed

Regulation 171 – Policies and procedures to be kept available

Regulation 172 – Notification of change to policies or procedures

Regulation 181 – Confidentiality of records kept by approved provider

Regulation 183 – Storage of records and other documents Related Policies

Safeguarding Children and Young People

Governance, Management and Leadership

Emergency Management Plan and Procedures

Technology, Devices and Internet Use Related Procedures

Procedure Collections

07P002 Record Keeping and Archiving Procedures

HR Staff Policies and Procedures

IT Policies and Procedures Other

Checklist of Obligations Under the National Quality Framework

Guide to National Laws and Regulations

Quality Area 7: Standards 7.1, 7.2

OCG Guide to Child Safe Standards - https://ocg.nsw.gov.au/child-safe-scheme

CCYP Child safe Standards - https://ccyp.vic.gov.au/child-safe-standards/

National Principles for Child Safe Organisations - https://childsafe.humanrights.gov.au/national-principles

Version 3.0 Change History

JAG Policy Change Register Date Approved 01/07/2023 Date Implemented

01/07/2023 Document Owner Quality Service Development Document Approvers

CEO / Approved Provider Next Review 12 Months